If you have a public-facing APEX instance, it is mandatory to secure it with TLS 1.2 or SSL. If you want to enable HTTPS for a public-facing web server, it is always recommended to use a public certificate authority, or at least Let’s Encrypt, to generate certificates. Self-signed certificates should not be put on a publicly exposed service. Ideally, use a reverse proxy in front (such as httpd or NGINX), with Tomcat connecting to the DB in the backend.

The first step is to enable HTTPS from ORDS.

——————- STEP A : Enable HTTPS for ORDS ————

Log in to your ORDS at http://localhost:8080/ords
Log in to the “internal” workspace
Go to Manage Instance > Security
Enable HTTPS
Require HTTPS: Always
Require Outbound HTTPS: No
Apply Changes
Save

Now go to Step B to enable HTTPS for Apache Tomcat.

——————- STEP B : Self-Signed Certificates for Tomcat which is only used on the local network ————

Enable HTTPS for Apache Tomcat for localhost (this is only for a web server that is not facing the internet).

1. As the Apache Tomcat user, generate a keystore with Java

-w is the path of the ‘webapps’ directory in your CATALINA_HOME directory
-d is your domain

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whadev.whitehat-staging.com.au
Using the webroot path /home/whadev/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/whadev.whitehat-staging.com.au/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/whadev.whitehat-staging.com.au/privkey.pem
   Your cert will expire on 2018-10-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
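An added example, not part of the original post: a Python check that connects the way a browser would (chain and hostname verified, nothing below TLS 1.2 accepted) and warns before the certificate's expiry date so that "certbot renew" is not forgotten. The function names, the 30-day threshold and the sample certificate's time of day are assumptions made for this example.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumption: warning threshold, not from the original page

# Constructed sample in getpeercert() format; the date is the expiry shown in the
# certbot output above, the time of day is assumed.
SAMPLE_CERT = {"notAfter": "Oct  7 00:00:00 2018 GMT"}


def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(not_after, timezone.utc) - now).days


def expiry_findings(cert, now=None):
    """Return a list of problems with the certificate's validity window."""
    remaining = days_left(cert, now)
    if remaining < 0:
        return [f"certificate expired {-remaining} day(s) ago"]
    if remaining < RENEW_BEFORE_DAYS:
        return [f"certificate expires in {remaining} day(s); run certbot renew"]
    return []


def check_endpoint(host, port=443, timeout=5):
    """Connect as a browser would; an empty list means no findings."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return expiry_findings(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Self-signed or otherwise untrusted chains and hostname mismatches land here.
        return [f"certificate not trusted: {exc.verify_message}"]
    except ssl.SSLError as exc:
        return [f"TLS handshake failed: {exc.reason}"]


if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    print(expiry_findings(SAMPLE_CERT, datetime(2018, 9, 20, tzinfo=timezone.utc)))
```

Call check_endpoint with your own domain from a scheduled job; a self-signed certificate left on a public service shows up as a "certificate not trusted" finding.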

2 comments

I was asked to enable HTTPS for ORDS, so I followed your instruction to go to the Apex app, go to Manage Instance > Security, Enable HTTPS, Require HTTPS: Always, Require Outbound HTTPS: No, then applied changes. The Apex app site is not reachable. I didn’t do anything else yet. Now I want to disable HTTPS so I can open the Apex app, but it is not reachable now. How can I change the setting back to the original so I can open Apex?